The National Institute of Standards and Technology (NIST) has responded to the increased prevalence of third-party risks by specifying industry standards for securing the supply chain attack surface - the attack surface most vulnerable to third-party risks.

https://csrc.nist.gov/publications/detail/sp/800-161/final - Supply Chain Risk Management Practices for Federal Information Systems and Organizations
https://www.nist.gov/cyberframework/framework - Framework for Improving Critical Infrastructure Cybersecurity

There is an overlap between the impact of third-party risk controls across all three NIST publications, so compliance with a single standard would also meet many of the third-party risk requirements of the other two standards.

However, implementing the NIST 800-53 framework is an option for any entity seeking to improve its supply chain security posture.

UpGuard helps organizations achieve NIST 800-53 compliance in their third-party risk management framework with the following features: Third-party attack surface monitoring to discover security risks that expose the supply chain to compromise.
